678 matches found
WordPress XCloner Plugin <= 3.1.1 - Clear Text MySQL Database Password
Because of this vulnerability, the attackers can obtain sensitive information via unspecified vectors. Solution Update the plugin...
CVE-2014-8522
CVE-2014-8522 concerns the MySQL database component used by McAfee Network Data Loss Prevention (NDLP). The vulnerability stems from the NDLP deployment permitting unauthenticated access to its MySQL database prior to version 9.3, meaning remote attackers could gain access without credentials. Pu...
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/...
[SECURITY] [DSA 3054-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3054-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 20, 2014 http://www.debian.org/security/faq -...
USN-2384-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the...
Immunity Canvas: CVE_2014_5261
Name| CVE20145261 ---|--- CVE| CVE-2014-5261 Exploit Pack| CANVAS Description| CVE-2014-5261 Notes| CVE Name: CVE-2014-5261 VENDOR: The Cacti Group Changelog: http://svn.cacti.net/viewvc?view=rev&revision=7454 Notes: This is a post-authentication command injection vulnerability in Cacti 0.8.8b,...
F5 BIG-IP SQL注入漏洞
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20130122-1 ======================================================================= title: SQL Injection product: F5 BIG-IP vulnerable version: =11.2.0 fixed version: 11.2.0 HF3 11.2.1 HF3 CVE number: CVE-2012-3000...
InterWorx Control Panel 5.0.13 build 574 (xhr.php, i param) - SQL Injection
No description provided by source. ================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531...
MySQL <= 5.1.13 - INFORMATION_SCHEMA - Remote Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28351/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate...
Kimai 0.9.2 - 'db_restore.php' SQL Injection
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient include...
AlienVault OSSIM 4.1.2 - Multiple SQL Injection Vulnerabilities
No description provided by source. RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution ...
NooMS CMS 1.1.1 - CSRF
No description provided by source. NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd tr...
Lingxia I.C.E CMS Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme - net-ninja.net...
PHP-Fusion <= 6.00.306 Multiple Vulnerabilities Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHPFusion = v6.00.306 avatar modmime arbitrary file upload &\r\n; echo local inclusion vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; if $argc6 echo Usage: p...
Ultrastats <= 0.2.142 (players-detail.php) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.: UltraStats is a very...
Design/Logic Flaw
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File read only Create File read only Brute Table & Column Download Simple SQLi Dumper v5....
[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13
================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...
Ubuntu Update for python-django USN-2169-2
Check for the Version of python-django OpenVAS Vulnerability Test $Id: gbubuntuUSN21692.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for python-django USN-2169-2 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is...
MGASA-2014-0196 Updated python-django packages fix multiple vulnerabilities
Updated python-django and python-dgango14 packages fix security vulnerabilities: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulti...